From: David H. Lipman on
From: "Robin Bignall" <docrobin(a)ntlworld.com>

< snip >

| Thanks. I should say two other things:
| I ran MRT.EXE /f:y this afternoon. Zero problems reported.
| On reboot, sometimes all of these 'infection' messages are simply not
| there. Then, on another reboot, they're back again, sometimes a few,
| sometimes screens full. Normally I hibernate overnight and only
| reboot when something, like critical updates, forces me to.

| (alt.privacy.spyware added because this is being discussed there,
| too.)
| --
| Robin
| (BrE)
| Herts, England


It is definitly a security tool set to delete the file index.dat at system Reboot and
before the Winlogon process.

However, at this time none of my peers have pinpointed exactly what security tool is
generating the process.

However at this point I can/will say "don't worry". We know have done numerous anti
malware scans and the system can be deemed clean so don't get frazzled over this.

I will keep researching this and hopefully we will find what security tool is generating
the display you have seen.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: "FromTheRafters" erratic on
"Robin Bignall" <docrobin(a)ntlworld.com> wrote in message
news:bubrg555vcle0jo5kj0ioouhg90djmtlsg(a)4ax.com...

The precise message is:
INFECTION:DOCUMENTS AND SETTINGS\ROBIN BIGNALL\COOKIES\INDEX.DAT COULD
NOT BE REMOVED. FILE IS NO LONGER EXISTENT.

***
It sounds to me like a conflict between two programs trying to do the
same thing, and one doesn't check for the existence of the file prior to
attempting the delete action.
***


From: Andy Walker on
David H. Lipman wrote:

>I will keep researching this and hopefully we will find what security tool is generating
>the display you have seen.

It occurred to me that she may be able to find the text of the error
in a log file for the program generating the error. Assuming the
program keeps a log, and the log has a formatted text element, she
should be able to use the search function in Windows to search for the
string "INFECTION: DOCUMENTS AND SETTINGS\ROBIN
BIGNALL\COOKIES\INDEX.DAT COULD NOT BE REMOVED. FILE IS NO LONGER
EXISTENT." or some portion of that. If she can find the log file, she
should be able to identify the program.

From: David H. Lipman on
From: "Andy Walker" <awalker(a)nspank.invalid>

| David H. Lipman wrote:

>>I will keep researching this and hopefully we will find what security tool is
>>generating
>>the display you have seen.

| It occurred to me that she may be able to find the text of the error
| in a log file for the program generating the error. Assuming the
| program keeps a log, and the log has a formatted text element, she
| should be able to use the search function in Windows to search for the
| string "INFECTION: DOCUMENTS AND SETTINGS\ROBIN
| BIGNALL\COOKIES\INDEX.DAT COULD NOT BE REMOVED. FILE IS NO LONGER
| EXISTENT." or some portion of that. If she can find the log file, she
| should be able to identify the program.


A good approach !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Robin Bignall on
On Wed, 25 Nov 2009 23:34:09 -0500, Andy Walker
<awalker(a)nspank.invalid> wrote:

>David H. Lipman wrote:
>
>>I will keep researching this and hopefully we will find what security tool is generating
>>the display you have seen.
>
>It occurred to me that she may be able to find the text of the error
>in a log file for the program generating the error. Assuming the
>program keeps a log, and the log has a formatted text element, she
>should be able to use the search function in Windows to search for the
>string "INFECTION: DOCUMENTS AND SETTINGS\ROBIN
>BIGNALL\COOKIES\INDEX.DAT COULD NOT BE REMOVED. FILE IS NO LONGER
>EXISTENT." or some portion of that. If she can find the log file, she
>should be able to identify the program.

Excellent idea, Andy. I'll try now and report back. Thanks also
David.
--
Robin (who is a he!)
(BrE)
Herts, England